Changes

CA/WoSign Issues

382 bytes removed, 13:47, 20 September 2016

Remove questionable assertion

* This issue does not paint a picture of careful software development practices and quality assurance - having unused code around capable of issuing BR-violating certificates does not seem like responsible practice.

* WoSign assert that the fact that the cert was SHA-1 was a "SHA-1 parameter request" - i.e. the SHA-1-ness was caused by the requester. However, as we understand it, the request was the same as a request which produced a SHA-256 certificate from StartCom, except for the change of the API parameter. Therefore, the SHA-1-ness was WoSign's responsibility, not part of the request.

* The question of why StartCom was able to trigger certificate-issuance code which WoSign has stopped developing and maintaining is also still open.

Gerv

Accountapprovers, antispam, confirm, emeritus

4,925

edits

Changes

CA/WoSign Issues

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

How to Contribute

MozillaWiki

Around Mozilla

Tools